<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      cryptsetup-2.3.1
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.78.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-2020-04-02">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>�</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 2020-04-02
      </h4>
      <h3>
        Chapter&nbsp;4.&nbsp;Security
      </h3>
      <ul>
        <li class="prev">
          <a accesskey="p" href="cracklib.html" title=
          "CrackLib-2.9.7">Prev</a>
          <p>
            CrackLib-2.9.7
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="cyrus-sasl.html" title=
          "Cyrus SASL-2.1.27">Next</a>
          <p>
            Cyrus SASL-2.1.27
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <h1 class="sect1">
        <a id="cryptsetup" name="cryptsetup"></a>cryptsetup-2.3.1
      </h1>
      <div class="package" lang="en" xml:lang="en">
        <h2 class="sect2">
          Introduction to cryptsetup
        </h2>
        <p>
          cryptsetup is used to set up transparent encryption of block
          devices using the kernel crypto API.
        </p>
        <p>
          This package is known to build and work properly using an LFS-9.1
          platform.
        </p>
        <h3>
          Package Information
        </h3>
        <div class="itemizedlist">
          <ul class="compact">
            <li class="listitem">
              <p>
                Download (HTTP): <a class="ulink" href=
                "https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.xz">
                https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.1.tar.xz</a>
              </p>
            </li>
            <li class="listitem">
              <p>
                Download MD5 sum: cef482c0579f34d9524311ac70c0875f
              </p>
            </li>
            <li class="listitem">
              <p>
                Download size: 11 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated disk space required: 29 MB (add 12 MB for tests)
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated build time: 0.2 SBU (add 15 SBU for tests)
              </p>
            </li>
          </ul>
        </div>
        <h3>
          cryptsetup Dependencies
        </h3>
        <h4>
          Required
        </h4>
        <p class="required">
          <a class="xref" href="../general/json-c.html" title=
          "JSON-C-0.13.1">JSON-C-0.13.1</a>, <a class="xref" href=
          "../general/libgcrypt.html" title=
          "libgcrypt-1.8.5">libgcrypt-1.8.5</a>, <a class="xref" href=
          "lvm2.html" title="LVM2-2.03.09">LVM2-2.03.09</a>, and <a class=
          "xref" href="../general/popt.html" title="Popt-1.16">popt-1.16</a>
        </p>
        <h4>
          Optional
        </h4>
        <p class="optional">
          <a class="xref" href="libpwquality.html" title=
          "libpwquality-1.4.2">libpwquality-1.4.2</a>, <a class="xref" href=
          "../general/python2.html" title="Python-2.7.17">Python-2.7.17</a>,
          and <a class="ulink" href=
          "http://www.openwall.com/passwdqc/">passwdqc</a>
        </p>
        <p class="usernotes">
          User Notes: <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/cryptsetup">http://wiki.linuxfromscratch.org/blfs/wiki/cryptsetup</a>
        </p>
      </div>
      <div class="kernel" lang="en" xml:lang="en">
        <h2 class="sect2">
          <a id="cryptsetup-kernel" name="cryptsetup-kernel"></a>Kernel
          Configuration
        </h2>
        <p>
          Encrypted block devices require kernel support. To use it, the
          appropriate kernel configuration parameters need to be set:
        </p>
        <pre class="screen">
<code class="literal">Device Drivers  ---&gt;          
  [*] Multiple devices driver support (RAID and LVM) ---&gt; [CONFIG_MD]
       &lt;*/M&gt; Device mapper support                        [CONFIG_BLK_DEV_DM]
       &lt;*/M&gt; Crypt target support                         [CONFIG_DM_CRYPT]

Cryptographic API  ---&gt;                                    
  &lt;*/M&gt; XTS support                                       [CONFIG_CRYPTO_XTS]
  &lt;*/M&gt; SHA224 and SHA256 digest algorithm                [CONFIG_CRYPTO_SHA256]
  &lt;*/M&gt; AES cipher algorithms                             [CONFIG_CRYPTO_AES]
  &lt;*/M&gt; AES cipher algorithms (x86_64)                    [CONFIG_CRYPTO_AES_X86_64] 
  &lt;*/M&gt; User-space interface for symmetric key cipher algorithms
                                                          [CONFIG_CRYPTO_USER_API_SKCIPHER]
  For tests:
  &lt;*/M&gt; Twofish cipher algorithm                          [CONFIG_CRYPTO_TWOFISH]</code>
</pre>
      </div>
      <div class="installation" lang="en" xml:lang="en">
        <h2 class="sect2">
          Installation of cryptsetup
        </h2>
        <p>
          Install <span class="application">cryptsetup</span> by running the
          following commands:
        </p>
        <pre class="userinput">
<kbd class="command">./configure --prefix=/usr &amp;&amp;
make</kbd>
</pre>
        <p>
          To test the result, issue as the <code class=
          "systemitem">root</code> user: <span class="command"><strong>make
          check</strong></span>. Some tests may fail if the kernel
          configuration parameters above are not set. Three (of 21) tests are
          known to fail.
        </p>
        <p>
          Now, as the <code class="systemitem">root</code> user:
        </p>
        <pre class="root">
<kbd class="command">make install</kbd>
</pre>
      </div>
      <div class="configuration" lang="en" xml:lang="en">
        <h2 class="sect2">
          Configuring cryptsetup
        </h2>
        <p>
          Because of the number of possible configurations, setup of
          encrypted volumes is beyond the scope of the BLFS book. Please see
          the configuration guide in the cryptsetup <a class="ulink" href=
          "https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#2-setup">
          FAQ</a>.
        </p>
      </div>
      <div class="content" lang="en" xml:lang="en">
        <h2 class="sect2">
          Contents
        </h2>
        <div class="segmentedlist">
          <div class="seglistitem">
            <div class="seg">
              <strong class="segtitle">Installed Programs:</strong>
              <span class="segbody">cryptsetup, cryptsetup-reencrypt,
              integritysetup, and veritysetup</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Libraries:</strong>
              <span class="segbody">libcryptsetup.so</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Directories:</strong>
              <span class="segbody">None</span>
            </div>
          </div>
        </div>
        <div class="variablelist">
          <h3>
            Short Descriptions
          </h3>
          <table border="0" class="variablelist">
            <colgroup>
              <col align="left" valign="top" />
              <col />
            </colgroup>
            <tbody>
              <tr>
                <td>
                  <p>
                    <a id="cryptsetup-prog" name=
                    "cryptsetup-prog"></a><span class="term"><span class=
                    "command"><strong>cryptsetup</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to setup dm-crypt managed device-mapper mappings.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="cryptsetup-reencrypt" name=
                    "cryptsetup-reencrypt"></a><span class=
                    "term"><span class="command"><strong>cryptsetup-reencrypt</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a for offline LUKS device re-encryption.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="integritysetup" name=
                    "integritysetup"></a><span class="term"><span class=
                    "command"><strong>integritysetup</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a tool to manage dm-integrity (block level integrity)
                    volumes.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="veritysetup" name="veritysetup"></a><span class=
                    "term"><span class=
                    "command"><strong>veritysetup</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to configure dm-verity managed device-mapper
                    mappings. Device-mapper verity target provides read-only
                    transparent integrity checking of block devices using
                    kernel crypto API.
                  </p>
                </td>
              </tr>
            </tbody>
          </table>
        </div>
      </div>
      <p class="updated">
        Last updated on 2020-03-24 14:19:44 -0500
      </p>
    </div>
    <div class="navfooter">
      <ul>
        <li class="prev">
          <a accesskey="p" href="cracklib.html" title=
          "CrackLib-2.9.7">Prev</a>
          <p>
            CrackLib-2.9.7
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="cyrus-sasl.html" title=
          "Cyrus SASL-2.1.27">Next</a>
          <p>
            Cyrus SASL-2.1.27
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="security.html" title=
          "Chapter&nbsp;4.&nbsp;Security">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
  </body>
</html>
